m365 podcast

Malicious OAuth apps are an issue that has plagued M365 for many years. By default, end users are given great freedom to “authorize” OAuth apps and provide them access to the M365 tenant, unknowingly creating a security issue that persists even once the affected user’s password has changed! 

In today’s episode, Andy and Paul Schnakenburg discuss the danger of malicious OAuth apps at length, providing listeners info on the danger, what you can do about it, and what you need to look out for! Hope you enjoy! 

Timestamps:

In this week’s episode, Andy and Paul have a discussion that has been brewing for the past several episodes. Microsoft has experienced a series of security incidents in the last few years. For example, the SolarWinds debacle in 2020, multiple exchange server on-prem issues, and more recently the Storm-0558 incident. 

The core issue that all these problems raise, especially for a major global cloud provider, is trust. Can Microsoft be trusted to secure these services that millions around the globe use every single day? This is the main question that the guys get into in this episode along with lots of other great discussions around security in the Microsoft Cloud.  

Timestamps:

Paul Schnackenburg joins Andy in this episode to discuss the recent rebranding of Azure AD to Microsoft Entra ID, as well as talk about some new identity features in the Microsoft Cloud. To kick things off, they provide a brief overview of what Azure AD is/was and its crucial role in the Microsoft Cloud ecosystem.  

Amidst the changes, Andy and Paul emphasize a critical point: IT professionals and security experts primarily care about understanding a platform's functionality, features, and ability to solve real-world problems. The name may change, but the core value remains the same.

Timestamps: